<html>
<head>
<link rel="stylesheet" type="text/css" href="./style.css" />
</head>
<img style="margin-left:42%; text-align:center" src="./img/logo_txt_only.jpg" />
<div style="text-align:center;background-color:#d0ddcf;border: 1px solid #9CAA9C;width:300px;margin-left:30%;width:600px">


<?php

include('functions.php');

dbConnect();

if(isset($_POST['edit']) && isLi()){
	
	$id = $_POST['id'];
	
	$sql = mysql_query("SELECT item, description, price FROM posts WHERE id = '$id'");
	$row = mysql_fetch_array($sql, MYSQL_NUM);
	
	echo '
		<form name="postItem" action="modifyItem.php" method="post">
		<b>Item Name</b><input type="text" name="item" value="' . $row[0] . '" /><br />
		<b>Item Price</b><input type="text" name="price" value="' . $row[2] . '" /><br />
		<b>Item Description</b><textarea name="description" rows="6" cols="80">' . $row[1] . '</textarea><br />
		<input type="hidden" name="id" value="' . $id . '">
		<input type="hidden" name="edit2" value="true">
		<input type="submit" value="Submit" />
		</form>
	';
	
	
} else if(isset($_POST['edit2'])){
	$id = $_POST['id'];
	$item = $_POST['item'];
	$description = $_POST['description'];
	$price = $_POST['price'];
	
	$sql = mysql_query("UPDATE posts SET item='$item' WHERE id='$id'");
	$sql = mysql_query("UPDATE posts SET description='$description' WHERE id='$id'");
	$sql = mysql_query("UPDATE posts SET price='$price' WHERE id='$id'");
	
	echo 'Post Updated!';
	
} else if(isset($_POST['delete'])){
	$id = $_POST['id'];
	
	$sql = mysql_query("SELECT item, description, price FROM posts WHERE id = '$id'");
	$row = mysql_fetch_array($sql);
	
	echo 'Are you sure you will like to delete the post titled <b>"' . $row['item'] . '"</b>';
	echo '
	<form name="delete2" action="modifyItem.php" method="post">
	<input type="hidden" name="id" value="' . $id . '">
	<input type="hidden" name="delete2" value="true">
	<input type="submit" value="Yes" />
	';
	echo 'Or <a href="' . getUrl() . '">Bring Me Home</a>';
	
	
} else if(isset($_POST['delete2'])){
	$id = $_POST['id'];
	
	$sql = mysql_query("DELETE FROM posts WHERE id='$id'");
	
	echo 'Item Deleted!';
} else {
	$ip = $_SERVER['REMOTE_ADDR'];
	echo 'You do not have permission to be on this page, your ip ' . $ip . ' has been logged';
	logAction($ip, 'unauthorized access to modifyitem.php page');
}
?>

</div>

<a style="margin-left:48%;text-align:center;color:black" href="<?= getUrl(); ?>">Return Home</a>

</html>